# {{ ansible_managed }}

[DEFAULT]
rootwrap_config = /etc/ironic-inspector/rootwrap.conf
auth_strategy = keystone
debug = {{ debug }}

# RPC Backend
transport_url = {{ ironic_inspector_oslomsg_rpc_transport }}://{% for host in ironic_inspector_oslomsg_rpc_servers.split(',') %}{{ ironic_inspector_oslomsg_rpc_userid }}:{{ ironic_oslomsg_rpc_password }}@{{ host }}:{{ ironic_inspector_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ ironic_inspector_oslomsg_rpc_vhost }}{% if ironic_inspector_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

[capabilities]

[cors]

[database]
connection = {{ ironic_inspector_openstack_db_connection_string }}
max_overflow = {{ ironic_inspector_db_max_overflow }}
max_pool_size = {{ ironic_inspector_db_max_pool_size }}
pool_timeout = {{ ironic_inspector_db_pool_timeout }}

[discovery]
enroll_node_driver = ipmi


[dnsmasq_pxe_filter]
{% if ironic_inspector_pxe_filter == "dnsmasq" %}
dhcp_hostsdir = /etc/dnsmasq.d/dhcp-hostsdir
dnsmasq_start_command = systemctl start dnsmasq
dnsmasq_stop_command  = systemctl stop dnsmasq
{% endif %}

[iptables]
{% if ironic_inspector_pxe_filter == "iptables" %}
manage_firewall = True
{% endif %}
dnsmasq_interface =  br-ironic

[ironic]
username = ironic
password = {{ ironic_service_password }}
project_name = service
user_domain_name = {{ ironic_service_user_domain_id }}
project_domain_name = {{ ironic_service_project_domain_id }}
auth_url = {{ keystone_service_adminurl }}
insecure = {{ keystone_service_adminuri_insecure | bool }}
auth_type = password
valid_interfaces = internal,public
insecure = {{ keystone_service_internaluri_insecure | bool }}

[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = password
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = default
user_domain_id = default
project_name = "service"
username = ironic_inspector
password = {{ ironic_inspector_service_password }}
region_name = {{ keystone_service_region }}
memcached_servers = {{ memcached_servers }}
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

[oslo_policy]

[pci_devices]

[processing]
add_ports = pxe
keep_ports = present
store_data = database
store_data_location = report_path
ramdisk_logs_dir = /ironic/log
always_store_ramdisk_logs = true
{% if ironic_inspector_processing_hooks is defined %}
processing_hooks = {{ ironic_inspector_processing_hooks }}
{% endif %}
{% if ironic_inspector_enable_discovery == true %}
node_not_found_hook = enroll
{% endif %}

[pxe_filter]
{% if ironic_inspector_dhcp_type == "isc_dhcp" %}
driver = iptables
{% else %}
driver = dnsmasq
{% endif %}

[swift]
username = swift-inspector
password = {{ ironic_inspector_swift_password }}
project_name = ironic-inspector
user_domain_name = default
project_domain_name = default
auth_url = {{ keystone_service_adminurl }}
insecure = {{ keystone_service_adminuri_insecure | bool }}
auth_type = password
valid_interfaces = internal,public
container = ironic-inspector
